* 3.4:
fix translation domain
tag the FileType service as a form type
[Validator] Fix GroupSequenceProvider annotation
Update ajax security cheat sheet link
Fix AuthenticationException::getToken typehint
This PR was squashed before being merged into the 3.4 branch (closes#32044).
Discussion
----------
[Validator] Fix GroupSequenceProvider annotation
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The possibility was added in https://github.com/symfony/symfony/pull/19982, just forgot to fix this annotation back then.
Commits
-------
bf6d2532de [Validator] Fix GroupSequenceProvider annotation
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Fix AuthenticationException::getToken typehint
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
The token may be not set when throwing AuthenticationException.
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
a9705a0143 Fix AuthenticationException::getToken typehint
* 3.4:
Fix expired lock not cleaned
[HttpFoundation] Fix SA/phpdoc JsonResponse
SimpleCacheAdapter fails to cache any item if a namespace is used
validate composite constraints in all groups
[Serializer] Handle true and false appropriately in CSV encoder
Fix binary operation `+`, `-` or `*` on string
[VarDumper] fix dumping objects that implement __debugInfo()
[Routing] fix absolute url generation when scheme is not known
This PR was squashed before being merged into the 3.4 branch (closes#32025).
Discussion
----------
SimpleCacheAdapter fails to cache any item if a namespace is used
| Q | A
| ------------- | ---
| Branch? |3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
This is a backport of #32019
The SimpleCacheAdapter extends AdapterTestCase.
When adding a namespace, the AdapterTestCase adds ":" after the namespace:
https://github.com/symfony/symfony/blob/v4.3.1/src/Symfony/Component/Cache/Adapter/AbstractAdapter.php#L37
The namespace is prepended to the cache key.
But in PSR-16, the ":" is a forbidden character.
As a result, the cache key is invalid and cache is not persisted. If you use Psr16Adapter + a namespace, the cache simply does not work.
As per @nicolas-grekas advices, a NS_SEPARATOR const is added to change the namespace separator for the `SimpleCacheAdapter` to "_" (that is compatible with PSR-16).
The first commit of this PR starts with an additional test and no fix (to showcase the problem).
Commits
-------
ffd3469ddf SimpleCacheAdapter fails to cache any item if a namespace is used
This PR was squashed before being merged into the 3.4 branch (closes#32007).
Discussion
----------
[Serializer] Handle true and false appropriately in CSV encoder
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27642
| License | MIT
| Doc PR | -
Previously, if `true` was passed in as a value to the CSV encoder then `fputcsv()` would correctly treat it as 1. However, if `false` was passed in, it would be treated as a blank value. `null` would also be treated as a blank value.
This fix makes it consistent so that true and false will map to 1 and 0, while null maps to an empty string.
Commits
-------
89cba00c68 [Serializer] Handle true and false appropriately in CSV encoder
This PR was merged into the 3.4 branch.
Discussion
----------
[Routing] fix absolute url generation when scheme is not known
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #25491
| License | MIT
| Doc PR |
This fixes two edge cases in the url generator:
1. when the context scheme is not known (empty) generating an absolute url would return an invalid url starting with `://host/path`. #25491 handled the case when the host is unknown which makes sense. but the way it was done, created this new problem.
2. non-http(s) urls do not require a host. e.g. typical `file:///path` urls. url generator is fixed to be in line with rfc3986
Commits
-------
8e04222976 [Routing] fix absolute url generation when scheme is not known
This PR was merged into the 3.4 branch.
Discussion
----------
[VarDumper] fix dumping objects that implement __debugInfo()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Right now it fails if the return value is not an array + it doesn't dump the original details from the object's internals.
Commits
-------
a9d0038ec0 [VarDumper] fix dumping objects that implement __debugInfo()
* 3.4:
[WebProfilerBundle] fix FC with HttpFoundation v5
[Form] test case is not legacy
Fix reporting unsilenced deprecations from insulated tests
Added FormInterface to @return Form::getClickedButton docblock
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] test case is not legacy
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
At least it's green.
/cc @xabbuh @HeahDude
Commits
-------
9ad324ba29 [Form] test case is not legacy
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Add Button type back to Form::getClickedButton docblock
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
In commit 56429a6f08 the `Button` type was removed from the return doc block.
I suspect this was an oversight because, AFAIK, the [recommended way](https://symfony.com/doc/current/form/multiple_buttons.html) to check the name of a clicked button would require a return type of `Button` or `SubmitButton`.
The effect is that our static analysis checks are failing.
```
Call to an undefined method
Symfony\Component\Form\ClickableInterface::getName().
```
Commits
-------
b71d589071 Added FormInterface to @return Form::getClickedButton docblock
This PR was merged into the 4.2 branch.
Discussion
----------
[DependencyInjection] fix the ValidateEnvPlaceHolderPassTest that was using a deprecated path for TreeBuilder
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | none <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | none <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
This should be fixed in 4.2 because the deprecation has been introduced in 4.2 as said by @stof in https://github.com/symfony/symfony/pull/31932/files#r291600094
Commits
-------
caabd92f89 [DependencyInjection] fix the ValidateEnvPlaceHolderPassTest that was using a deprecated path for TreeBuilder
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Fix wrong DateTime on outdated ICU library
| Q | A |
| --- | --- |
| Branch? | 3.4 |
| Bug fix? | Yes |
| New feature? | No |
| BC breaks? | No |
| Deprecations? | No |
| Tests pass? | Yes |
| Fixed tickets | --- |
| License | MIT |
There is a problem, when server uses outdated version of ICU (php-intl).
It throws no exeption or debug message on unexisting Timezone. So sometimes you can get wrong DateTime in Forms, because Intl uses 'Etc/Unknown' (UTC+0) instead correct Timezone. And it happens very unobvious.
I added `\IntlExeption` for that cases.
Commits
-------
a6025ab5ee Change IntlTimeZone to DateTimeZone
This PR was merged into the 4.2 branch.
Discussion
----------
[Cache] Pass arg to get callback everywhere
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Some adapters does not pass an useless "save" bool arg. However, that makes a `CallbackInterface` callable unusable with them since the arg is required in the interface.
Commits
-------
d03eb033bb [Cache] Pass arg to get callback everywhere
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Fixed case-sensitive handling of cache-control header in RedirectResponse constructor
…r in RedirectResponse constructor.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? |no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #31862 <!-- #-prefixed issue number(s), if any -->
| License | MIT
Perform a case-insensitive check on `$headers` in \Symfony\Component\HttpFoundation\RedirectResponse::__construct()
Commits
-------
b5e6c99a3b [HttpFoundation] Fixed case-sensitive handling of cache-control header in RedirectResponse constructor.
* 3.4:
Fix json-encoding when JSON_THROW_ON_ERROR is used
[HttpFoundation] work around PHP 7.3 bug related to json_encode()
[Security] added support for updated \"distinguished name\" format in x509 authentication
The `$expected` template seems not to be consistent.
It will change when the DST value is 0 (it'll not have `dst_savings` for
example)
This patch takes care of the issue, by adding proper condition.
Sponsored-by: Platform.sh
This PR was squashed before being merged into the 4.2 branch (closes#31786).
Discussion
----------
[Translation] Fixed case sensitivity of lint:xliff command
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | -
| License | MIT
| Doc PR | (not needed)
I was checking some errors of `lint:xliff` (https://travis-ci.org/EasyCorp/EasyAdminBundle/jobs/540053551#L657) and saw this:
```
ERROR in src/Resources/translations/EasyAdminBundle.sr_RS.xlf
* There is a mismatch between the language included in the file name ("EasyAdminBundle.sr_RS.xlf") and the "sr-rs" value used in the "target-language" attribute of the file.
ERROR in src/Resources/translations/EasyAdminBundle.zh_CN.xlf
* There is a mismatch between the language included in the file name ("EasyAdminBundle.zh_CN.xlf") and the "zh-cn" value used in the "target-language" attribute of the file.
```
This was suspicious, so I checked the XLIFF standard and it says (http://docs.oasis-open.org/xliff/v1.2/os/xliff-core.html#target-language):
```
target-language:
Unlike the other XLIFF attributes, the values are not case-sensitive.
```
So, it's valid that `zh-cn` is the target language and `zh-CN` is the file extension. This PR fixes that.
Commits
-------
ec690b2145 [Translation] Fixed case sensitivity of lint:xliff command
Currently BinaryFileResponse, when configured with X-Accel-Redirect sendfile type,
will only substitute file paths specified in X-Accel-Mapping. But if the provided
file path does not have a defined prefix, then the resulting header will include
the absolute path. Nginx expects a valid URI, therefore this will result in an
issue that is very hard to detect and debug as it will not show up in error logs
and instead the request would just hang for some time and then be re-served
without query parameters(?).
Use AssertEquals for these two specific case will do a better job,
since it'll convert both '0.1' and result of `getContent()` into PHP's
internal representation of floating-point and compares them and it should be fine.
Using `AssertSame` for this tests brings floating-point serialization
into consideration which of course will be php.ini specific.
In order not missing the type assertion point that `AssertSame` does,
we also perform `assertInternalType('string'...`
Sponsored-by: Platform.sh
This PR was merged into the 3.4 branch.
Discussion
----------
FragmentListener - fix typo in annotation
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Just a small typo I've found in fragment listener :)
Commits
-------
b6ff836a49 fix typo
This PR was merged into the 3.4 branch.
Discussion
----------
[Workflow] Do not trigger extra guards
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #31582
| License | MIT
| Doc PR |
---
With this patch, guards are executed only on wanted transitions
**Note for merger**: This is already fixed (in a different manner) in 4.2, So this patch should not be included in 4.2, instead take: #31585 or discard changes of Workflow class but keep tests
Commits
-------
ad0619748e [Workflow] Do not trigger extra guard
* 3.4:
[github] Implement the new security policy.
[Finder] fix wrong method call casing
Make tempfile path unique
minor: fix phpdocs in the ldap component
[Process] Fix infinite waiting for stopped process
Use absolute URL for when the profiler's domain differs from the controller's domain which initialises the profiler.
fix phpdoc
[DI] fix using bindings with locators of service subscribers
The temp-file that the test currently creates is `/tmp/log`.
This may exist on many platforms already (including `platform.sh` app containers).
With the proposed patch way the collision will be less likely.
Sponsored-by: Platform.sh